Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

37ac7f9563...4d.doc

windows7_x64

10

37ac7f9563...4d.doc

windows10_x64

10

Analysis

  • max time kernel
    107s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    09/07/2020, 10:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37ac7f956381da1d531fa7fd074fe3b723d25800d32a2d9234fab38a55f8894d.doc

  • Size

    147KB

  • MD5

    a20080ebe47ebf852ae1aeab66f8b662

  • SHA1

    8fd44fabab8b70f7cffb34165a58ac6cf19fda82

  • SHA256

    37ac7f956381da1d531fa7fd074fe3b723d25800d32a2d9234fab38a55f8894d

  • SHA512

    542725f37c96808b7d85dfc1bc21159e59cddd18fbd5e789df5eda8a9eda1b50410926104f9579203919875e9790878f1d5f09296e05ca5410a3f078126e9bce

Score
10/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\37ac7f956381da1d531fa7fd074fe3b723d25800d32a2d9234fab38a55f8894d.doc"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" EA.tmp
      2⤵
      • Process spawned unexpected child process
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1144-0-0x0000000006EFB000-0x0000000006F00000-memory.dmp

    Filesize

    20KB

    Download